Rising global cyber security attacks being experienced by organisations, regardless of sector, size or perceived security levels is indicative of a new perfect storm that threatens all of us, the Chair of the Cyber Security Council warned delegates at PIMFA’s Financial Crime and Cyber Resilience Conference today (22 April).
Dr Claudia Natanson said the unprecedented volumes of data we now create, use, store and process combined with increased use of smart technology, ransomware attacks fuelled by cryptocurrency and changes in ways of working and living meant it was vital that companies and individuals alike were vigilant about who held their data and who that data was shared with.
Dr Natanson said “data is now the most expensive currency and we have never had so much data” in the world. She explained that we are currently creating 2.5 quintillion bytes of data a year and by 2025, which is likely to increase to 4.63 quintillion bytes, due to the increasing rollout of 5G internet and the expectation that over 41 billion devices will be connected to the internet by 2025. Dr Natanson also pointed out the increased use of the Internet of Things meant that by 2025 cyber attack breaches are expected to rise by around 25%.
She cautioned that already a company was the target of a ransomware attack every 14 seconds adding it was likely to increase to every 11 seconds by the end 2021. Moreover, on average it took companies globally nearly 300 days to detect and eradicate a ransomware attack on their system. Dr Natanson added: “We know many organisations are actually paying ransoms which means they end up hooked on a ‘suckers list’ because they [the hackers] exploit them continually because they know they will pay”.
The increase in cyber-attacks had, she said, been fuelled by the Covid-19 pandemic and changes to the way in which we live and work which were likely to remain permanent. “Protecting organisational and individual wellbeing is going to be very important going forward” she said, warning companies would need to take account of flexible working practices in their thinking when looking to protect themselves from cyber-attacks.
She added it was the Government’s ambition that the UK become one of the safest places in the world to live and work online. This made it imperative that organisations across industries and of all sizes began to collaborate on best practices to ensure they protected themselves from cyber-attacks. Dr Natanson pointed out that 90% of businesses in the UK were small to medium sized enterprises (SME) 60% of which didn’t have a security policy, let alone implement it well.
Dr Natanson said: “Organisations need to go back to basics in terms of what they do. Cyber-security has to be demonstrated from the top of an organisation. One of the successes of cyber-crime is the [level of] collaboration between hackers particularly in terms of encryption for ransomware. We have got to learn to work much closer together and collaborate more as organisations. So, encouraging organisations to collaborate more in terms of their experience of cyber-crime is a focus area for Cyber Security Council.”
Liz Field, Chief Executive of PIMFA, commented: “I’m grateful to Dr Claudia Natanson for sharing her insights on the future risks companies may face and how organisation may protect against them. It is clear that as we become ever more reliant on technology that firms must remain vigilant to an ever-increasing number of threats that are growing in sophistication.
“I’d also like to thank all our sponsors and our speakers who have made significant contributions to the conference this week and given our delegates the benefit of their experience in dealing with financial and cyber-crime. This collaboration and sharing of experiences is extremely important for us all.
“As more services move online, we cannot afford to become complacent about protecting ourselves or our clients. This is among the many reasons why we are campaigning for financial harm to be included in the Government’s upcoming Online Safety Bill.”
PIMFA’s Financial Crime and Cyber Resilience Conference was sponsored by Lexis Nexis Risk Solutions, Herbert Smith Freehills, Mitigo Cyber Security and Shoosmiths.
